New Qilin ransomware attacks involve Fortinet exploits

The Qilin ransomware gang, also known as Phantom Mantis, has launched intrusions exploiting multiple Fortinet FortiGate vulnerabilities, including the critical remote code execution issue tracked as CVE-2024-21762 and the critical remote authentication bypass flaw tracked as CVE-2024-55591, against several organizations across Spanish-speaking countries between May and June, according to Security Affairs.

After manually selecting its targets, Qilin, which was previously associated with compromising UK third-party medical testing and diagnostics provider Synnovis, has conducted a fully automated operation, a report from PRODAFT revealed. Researchers warned that Qilin, which is known for double-extortion tactics, could soon mount global opportunistic attacks leveraging the FortiGate flaws. The findings come months after Forescout's Vedere Labs reported that Russian-speaking threat actor Mora_001, which is linked to LockBit, had abused a pair of Fortinet bugs to facilitate SuperBlack ransomware delivery.
